Change service directory permission; change python3 to python38
The user inside the logscraper and loggearman container images is created with the lowest regular uid/gid available on the system, which is 1000. That uid and gid are already given to another user, so the services should run with different uids/gids. The logscraper service therefore uses gid/uid 10210 and the loggearman service uses gid/uid 10211. Change-Id: Ida0e2ceaf341fb7cbea18f3eaf161daa836e8ea7
parent
7fcc5517b8
commit
c8b8c580ae
10
Dockerfile
10
Dockerfile
@ -17,13 +17,13 @@ FROM quay.io/centos/centos:stream8
|
||||
|
||||
ENV PATH=/workspace/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
RUN groupadd logscraper && \
|
||||
useradd --home-dir /home/logscraper -g logscraper logscraper
|
||||
RUN groupadd logscraper --gid 1000 && \
|
||||
useradd --home-dir /home/logscraper --gid 1000 --uid 1000 logscraper
|
||||
|
||||
RUN dnf update -y && \
|
||||
dnf install -y python3 python3-setuptools \
|
||||
python3-devel python3-wheel \
|
||||
python3-pip git
|
||||
dnf install -y python38 python38-setuptools \
|
||||
python38-devel python38-wheel \
|
||||
python38-pip git
|
||||
|
||||
COPY . /tmp/src
|
||||
RUN cd /tmp/src && \
|
||||
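Review bot: The literal `1000` in the new `groupadd`/`useradd` lines is now a contract with the service unit templates, which start the container with `--user 1000:1000` and map only container uid 1000 to the host service uid, but nothing in the Dockerfile says so. A comment above the `RUN`, for example `# uid/gid 1000 must match --user and --uidmap in the logscraper service template`, would keep a later edit from silently breaking the mapping. The same applies to the loggearman Dockerfile further down the page. No `USER` instruction is visible in this hunk; the file continues past `RUN cd /tmp/src`, so it may be set later.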
|
@ -22,5 +22,11 @@
|
||||
- https://zuul.opendev.org/api/tenant/openstack
|
||||
insecure: false
|
||||
job_names: []
|
||||
pre_tasks:
|
||||
- name: Update all packages
|
||||
become: true
|
||||
package:
|
||||
name: "*"
|
||||
state: latest
|
||||
roles:
|
||||
- check-services
|
||||
|
@ -1,6 +1,8 @@
|
||||
---
|
||||
loggearman_user: loggearman
|
||||
loggearman_group: loggearman
|
||||
loggearman_gid: 10211
|
||||
loggearman_uid: 10211
|
||||
|
||||
loggearman_dir: /etc/loggearman
|
||||
loggearman_log_dir: /var/log/loggearman
|
||||
|
@ -2,6 +2,7 @@
|
||||
- name: Create decidated group
|
||||
group:
|
||||
name: "{{ loggearman_group }}"
|
||||
gid: "{{ loggearman_gid }}"
|
||||
state: present
|
||||
|
||||
- name: Create dedicated user
|
||||
@ -10,6 +11,7 @@
|
||||
state: present
|
||||
comment: "Dedicated user for loggearman"
|
||||
group: "{{ loggearman_group }}"
|
||||
uid: "{{ loggearman_uid }}"
|
||||
shell: "/sbin/nologin"
|
||||
create_home: false
|
||||
|
||||
@ -19,6 +21,7 @@
|
||||
state: directory
|
||||
owner: "{{ loggearman_user }}"
|
||||
group: "{{ loggearman_group }}"
|
||||
mode: "0755"
|
||||
loop:
|
||||
- "{{ loggearman_dir }}"
|
||||
- "{{ loggearman_log_dir }}"
|
||||
@ -29,7 +32,7 @@
|
||||
state: touch
|
||||
owner: "{{ loggearman_user }}"
|
||||
group: "{{ loggearman_group }}"
|
||||
mode: "0666"
|
||||
mode: "0644"
|
||||
loop:
|
||||
- client
|
||||
- worker
|
||||
@ -43,6 +46,9 @@
|
||||
template:
|
||||
src: "{{ item }}.yml.j2"
|
||||
dest: "{{ loggearman_dir }}/{{ item }}.yml"
|
||||
owner: "{{ loggearman_user }}"
|
||||
group: "{{ loggearman_group }}"
|
||||
mode: "0644"
|
||||
loop:
|
||||
- client
|
||||
- worker
|
||||
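Review bot: The last hunk writes the templated `client.yml` and `worker.yml` with `mode: "0644"`, which leaves them readable by every local user on the host. The template contents are not shown on this page; if they can hold anything beyond public endpoints, `mode: "0640"` is enough, because the files are owned by the service user that the container uid is mapped to. The same question applies to the files touched in the `@ -29,7` hunk, although that change already tightens them from `0666`.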
|
@ -4,8 +4,11 @@
|
||||
/usr/bin/podman run \
|
||||
--network host \
|
||||
--rm \
|
||||
--user 1000:1000 \
|
||||
--uidmap 0:{{ loggearman_uid + 1 }}:999 \
|
||||
--uidmap 1000:{{ loggearman_uid }}:1 \
|
||||
--name loggearman-{{ item }} \
|
||||
--volume {{ loggearman_dir }}:{{ loggearman_dir }}:Z \
|
||||
--volume {{ loggearman_dir }}:{{ loggearman_dir }}:z \
|
||||
--volume {{ loggearman_log_dir }}:{{ loggearman_log_dir }}:z \
|
||||
{{ container_images['loggearman'] }} \
|
||||
log-gearman-{{ item }} \
|
||||
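Review bot: The two `--uidmap` lines give this container the host range `loggearman_uid` through `loggearman_uid + 999`, and with the defaults on this page (10211 here, 10210 for logscraper) that range overlaps almost entirely with the one in the logscraper unit. In particular, the logscraper template maps its container uid 0 to host uid 10211, which is the loggearman service account that owns `loggearman_dir` and `loggearman_log_dir`. Both units run with `--user 1000:1000`, so this matters only if something in a container runs under another uid, but it undercuts the separation the commit is after. Spacing the default service uids at least 1000 apart, or documenting the reserved range next to `loggearman_uid`, would keep the mappings disjoint.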
|
@ -1,6 +1,8 @@
|
||||
---
|
||||
logscraper_user: logscraper
|
||||
logscraper_group: logscraper
|
||||
logscraper_gid: 10210
|
||||
logscraper_uid: 10210
|
||||
logscraper_dir: /etc/logscraper
|
||||
|
||||
container_images:
|
||||
|
@ -2,6 +2,7 @@
|
||||
- name: Create dedicated group
|
||||
group:
|
||||
name: "{{ logscraper_group }}"
|
||||
gid: "{{ logscraper_gid }}"
|
||||
state: present
|
||||
|
||||
- name: Create dedicated user
|
||||
@ -10,6 +11,7 @@
|
||||
state: present
|
||||
comment: "Dedicated user for logscraper"
|
||||
group: "{{ logscraper_group }}"
|
||||
uid: "{{ logscraper_uid }}"
|
||||
shell: "/sbin/nologin"
|
||||
create_home: false
|
||||
|
||||
@ -19,6 +21,7 @@
|
||||
state: directory
|
||||
owner: "{{ logscraper_user }}"
|
||||
group: "{{ logscraper_group }}"
|
||||
mode: "0755"
|
||||
|
||||
- name: Ensure container software is installed
|
||||
package:
|
||||
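Review bot: Pinning `gid` and `uid` here changes the ids of a `logscraper` account that may already exist on deployed hosts, while the directory task only resets ownership of `logscraper_dir` itself. Files created under it by earlier runs would presumably keep the old numeric owner, since no recursive ownership change is visible in these hunks; this is inferred from the lines shown and worth confirming on an upgraded host. If it applies, a separate task that re-owns existing files is safer than adding `recurse: true` to the directory task, which would also push `mode: "0755"` onto regular files. The loggearman role has the same shape.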
|
@ -13,6 +13,14 @@
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Set empty logscraper checkpoint file
|
||||
file:
|
||||
path: "{{ item.checkpoint_file | default(logscraper_dir + '/checkpoint') }}"
|
||||
state: touch
|
||||
owner: "{{ logscraper_user }}"
|
||||
group: "{{ logscraper_group }}"
|
||||
mode: "0644"
|
||||
|
||||
- name: Enable and restart service
|
||||
service:
|
||||
name: logscraper-{{ item.tenant }}
|
||||
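Review bot: `state: touch` in the new checkpoint task rewrites the file's timestamps and reports `changed` on every run; adding `modification_time: preserve` and `access_time: preserve` keeps the task idempotent. The default path `logscraper_dir + '/checkpoint'` is the same for every `item`, so tenants that do not set `checkpoint_file` would share one file, which is presumably not intended given the per-tenant service name in the next task. The task name says "empty", but touch leaves existing content in place; a name such as `Ensure logscraper checkpoint file exists` would match what the task does.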
|
@ -3,6 +3,9 @@
|
||||
/usr/bin/podman run \
|
||||
--network host \
|
||||
--rm \
|
||||
--user 1000:1000 \
|
||||
--uidmap 0:{{ logscraper_uid + 1 }}:999 \
|
||||
--uidmap 1000:{{ logscraper_uid }}:1 \
|
||||
--name logscraper-{{ item.tenant }} \
|
||||
--volume {{ logscraper_dir }}:{{ logscraper_dir }}:z \
|
||||
{{ container_images['logscraper'] }} \
|
||||
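Review bot: `{{ logscraper_uid + 1 }}` renders only when the variable is an integer; a value supplied as a string (for example through `-e logscraper_uid=...`) makes the addition fail at template time. `{{ logscraper_uid | int + 1 }}` avoids that, and the same expression appears in the loggearman unit template. A Jinja comment above the command stating that container uid 1000 is the service user and container uids 0–998 are shifted to the host ids just above it would also help, since the arithmetic is not obvious from the flags alone.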
|
@ -18,13 +18,13 @@ FROM quay.io/centos/centos:stream8
|
||||
ENV OSLO_PACKAGE_VERSION='0.0.1'
|
||||
ENV PATH=~/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
RUN groupadd loggearman && \
|
||||
useradd --home-dir /home/loggearman -g loggearman loggearman
|
||||
RUN groupadd --gid 1000 loggearman && \
|
||||
useradd --home-dir /home/loggearman --gid 1000 --uid 1000 loggearman
|
||||
|
||||
RUN dnf update -y && \
|
||||
dnf install -y python3 python3-setuptools \
|
||||
python3-devel python3-wheel \
|
||||
python3-pip git
|
||||
dnf install -y python38 python38-setuptools \
|
||||
python38-devel python38-wheel \
|
||||
python38-pip git
|
||||
|
||||
COPY . /tmp/src
|
||||
RUN cd /tmp/src && \
|
||||
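Review bot: `ENV PATH=~/.local/bin:...` is stored with a literal `~`, because Docker does not perform tilde expansion in `ENV`; whether that entry ever resolves depends on the program doing the lookup. With the home directory fixed by `useradd --home-dir /home/loggearman`, an absolute entry is safer: replace `~/.local/bin` with `/home/loggearman/.local/bin`. The logscraper Dockerfile on this page already uses an absolute path. The `RUN cd /tmp/src` step continues outside the hunk, so where the scripts are installed is not visible here.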
|